Terry Childs - the sysadmin who refused to hand back passwords to San Francisco's network - has been found guilty of computer tampering.
Although guilty of a felony Childs could be released quite soon - he's been in custody for almost two years awaiting trial.
One juror told the San Francisco Chronicle: "We had a lot of …

Jurors discussing cases

Once the case is decided, as far as I know, unless there is an official order against it, jurors are free to discuss the case with anyone. Although this information comes from people directly involved with court proceedings, I welcome someone to correct me if I am misinformed.

Talking to the press

It's unusual...

But once the trial is over they are free to talk about it. In this case I'm a little surprised since the sentencing hasn't happened yet, but I would hope the juror in question had enough sense to check with a lawyer/judge first about exactly when their obligation to keep quite ended.

Juror writing...

Jurors cannot publish or disseminate any information about trial proceedings or jury deliberations while the trial is ongoing. Jurors are allowed to compile notes during the trial, but they are also supposed to make these notes in the binders or notebooks provided to them by the Court for that purpose. They are not allowed to take these notes from the deliberation room during or after the trial.

However, there is nothing that prevents the jurors from talking about the proceedings or deliberations after the trial is concluded and the Judge has dismissed the jury unless the trial was for some reason Sealed (minor, national security, etc). It has also been known that jurors might write daily details and highlights during personal time if the jury is sequestered during the trial.

There are many, many books out there from jurors regaling us with tales during high-profile trials (OJ, anyone?). Nothing against any red-blooded American making a buck off the misery of others, eh?

IANAL

Afterwards OK

I don't think they are permitted to talk about a case during the trial.

However, I don't know why they wouldn't be allowed to talk about it afterwards, unless there were some aspects of the case that are closed to the public such as if a minor's identity was protected by the court.

>Surely the prospect of jurors hoping for juicy interviews when a trial ends could interfere with justice.

What kind of interference did you have in mind?

In some ways I think it is informative to get commentary after the fact from a juror particularly if it helps to explain why they came to the conclusion that they did. They don't usually get that opportunity in the court.

The UK is very different...

You aren't allowed to discuss jury proceedings - ever (the only exception is if you believe the jury has been unlawfully manipulated, and even then you are expected to report it to the authorities and not the press).

See notes...

A juror in any court case in the UK would be sent to jail for less than this; it is simply forbidden to discuss what you have heard of the case and what occurs during Jury deliberations from the moment it occurs until your death. The Jury's decision is necessarily secret simply because of the prejudice to the fairness of the outcome any release of information causes and the dangers to yourself of identifying yourself as a Juror.

In many trials in the UK, once Jury deliberations begin, the jury are isolated from contact with the outside world to prevent any influences over their decision.

Oh well

Breakign the Law is still ..

As an employee your duty is to follow the law and to do what you are told by your manager. If there is a conflict then advise HR or your COMPLIANCE person or seek guidance from the in house Lawyer (or if you're really worried from a personal lawyer).

Your job is NOT to second guess your employer's technical ability about if they can be trusted with the systems.

The "Oh I can't trust them not to muck it up" excuse doesn't wash with me.

Childs should have turned over the passwords, written a formal resignation letter and/or send in an dated/witnessed letter to the Mayor if he was that concerned.

Jury room

Damn...

I wonder what would have happened if he responded with: "sorry, I forgot what the password was {insert some BS excuse for forgetting it here}..." or similar. Or, he could have just said "Go away - I don't work for you anymore".

If the entity asking were a private employer, the worst they can do is sue. Apparently, if it's a local government, they can jail your ass.

I'm thinking that Childs probably pushed it a bit too far, though. You simply do not tease a government entity, especially a local one. They tend to get way too vindictive about things...

BOFH? Pshaw!

I hardly think that an angry engineer who threw his bottle out of the pram and proceeded to change some passwords, is in any way deserving of the lofty title of BOFH. In fact, I am shocked that El Reg would even consider giving this MSCE-esq fellow such a title, let alone post it as front-page news!

Furthermore, who at the Requarters(did you like that?) decides who is and who is not a BOFH? Are they qualified for such a role? I propose an investigation and publication of said individual(s) deeds and qualifications.

Re: Requarters

Jurors...

...are free individuals. Unless a judge puts a gag order on the case, they are free to do whatever they want.

Most jurors do not go public though. Once they choose that path, their personal anonymity is lost. A vengeful felon could decide to go after them.

As for as the BOFH... I see his point. But he also failed at a fundamental security tenant as well. There should have been a trusted individual (read: supervisor) who also had the passwords. This protects the infrastructure from unplanned loss of the BOFH (think unexpected demise).

untitled

For anyone thinking Childs is/was a martyr ...

... here's an extract from the slashdot commentary of the CCIE juror involved with the case, talking about the extent to which Childs went, over a number of years, to lock the entire system down and ensure he was required to administer it (numerous comments somewhat aggregated here: http://bit.ly/9dMwD4):

"The next problem was the core routers, which were 6500 series. The IOS running on these did not have the "no service password-recovery" feature, so what he did here was to erase the NVRAM and only keep the running configuration. Any attemt to do a password recovery would require a reboot, and the configuration would be gone. The core routers were not configured to load a new configuration from a remote server, but instead Terry Childs had modems connected to terminal servers so that in the event of any power outage he would be able to dial in and load the configurations back in.

[snip description of the sole, uber-encrypted DVD with the config backups that he carried with him at all times]

As for system logs, the city had no access to see what these might have said, as the routers were set up to log only to a server that Terry Childs controlled. He was the only one with passwords to that server. And not only that, he had placed that server inside a black metal cabinet with holes drilled in the side to allow cable runs, and the cabinet had two padlocks on it. Slight paranoia?"

pretty basic security

If any of this kit was in «public» space (i.e. anywhere the cleaning has access to, for example), what you describe is pretty basic security, by no means over the top. The password recovery systems are probably the single most idiotic feature for this kind of equipment. They should always be disabled by any mean necessary (the single password recovery system anyone could need is a note in a sealed envelope inside an airtight safe, preferably one that needs 2 keys, kept by two different persons).

Protecting the security logs does make a lot of sense too. And loading configs from a remote server after power failure? Puh-leese.

No, really, all that does make a lot of sense. Of course it makes it difficult for anyone but the admin to change anything in the configuration, but guess what? That's the bloody point (and that was his job). You don't want to leave admin rights to your whole network too near to the mexican temp who empties the paper bin after hours, or to the redneck with alcohol and gambling issues who checks on the parking lot at night.

A big city's network should be locked down a tad more tightly than Aunt Mildred's PC, don't you think?

Memory Wipe.

Official : "Mr BOFH, you're fired, please hand over all passwords"

Mr BOFH : "I'm not an employee of your company, therefore I have no reason to know any of your passwords and have wiped them from my mind, you will need to retrieve them from the secure location they are stored in"

Official : "Thank you Mr BOFH, where is this secure location"

Mr BOFH : "I'm not an employee of your company therefore have no reason to know where this location is and have wiped it from my mind" .....

The juror was right ...

Any organization that puts all its eggs into one basket like that is indeed run by a bunch of incompetents. What if the guy had a heart attack or got run over by a bus?

My last organization had an IT handover process (which we called a 'digital will') whereby you had to have a file (locked in a fireproof safe) detailing who was to do what if you should unexpectedly become unavailable, and how each person should obtain the necessary permissions.

(And like a good sysadmin I also made sure I had my own backdoor installed, should I need to intervene directly after I left the organization ...)

Whats a BOFH

http://www.theregister.co.uk/odds/bofh/

I still fail to see how this was a criminal issue

This was an employee/employer issue in my point of view which makes it a matter for the civil courts. Forgive me if I'm wrong... I fail to see how its criminal. Did he break into any systems after he was fired? Did he access anything he should not have accessed? Or was this simply an issue of the City of San Francisco not having admin passwords in case something broke?